AppSec Blog

Application Security news, research, vulnerabilities, DevSecOps, CI/CD tooling, hacking and more

Vulnerabilities

CSRF Attacks: Real Life Attacks and Code Walkthrough

What is a CSRF attack? Cross-Site Request Forgery (CSRF) attacks execute unauthorized actions on a web application through an authenticated end user's session. Threat actors typically use social

AppSec Testing

Putting the Sec in DevSecOps

Last week I had the pleasure of presenting at the Pittsburgh Cybersecurity day in partnership with ISACA. It was exciting to see more than 250

AppSec Testing

DevSecOps Tooling Best Practices

DevOps teams have become successful at releasing code at speed, whether for web apps or APIs, but without testing automation they are releasing vulnerabilities

Vulnerabilities

What is Business Constraint Bypass

While security professionals pay significant attention to technical vulnerabilities such as SQL Injection, CSRF and Cross-Site Scripting, modern applications are just as susceptible to business

AppSec Testing

Is your API security testing process mature enough?

Regardless of the maturity of your development and security processes and methodologies, integrating security testing automation into your API development pipelines is a struggle. With

AppSec Testing

SAST vs DAST

In our last post we talked about SAST solutions and why they are not always the best solution for application security testing (AST). In this blog post, we

News

Bright is now ISO 27701 Certified!

We at Bright are very proud to announce that we have been awarded accredited certification to ISO 27701, the international standard for privacy information management.